> recourselessly banning users from countries that are sanctioned by the United States

Are you suggesting that Microsoft should intentionally opt not to comply with OFAC sanctions?

Do you know of any non-OFAC sanctioned entities that have made that choice?

Are you aware of any OFAC sanctioned entities that maintain public accounts on any other code sharing sites?

AFAIK Github can provide free access to public repositories even if the users are subject to OFAC sanctions. In some cases they've applied for (and received) exemptions to allow for sales of paid services: https://github.blog/2021-01-05-advancing-developer-freedom-g...

They also banned developers that worked on Tornado Cash (not just the project, any developers that worked on it), a project that had a deployment put on the OFAC list. It's almost universally agreed to be an unnecessary step by Microsoft.

Did they ban anyone other than the core project developers? There were specific people called out by name in the Dutch press release believed to have personally profited from North Korea's money laundering through Tornado Cash. That's pretty different from “any developers”

I note that Matthew Green's mirror and GitHub account do not appear to have been blocked, which would fit with the idea that there's more to this than just committing code:

https://github.com/tornado-repositories

> github has had more than fifty outages this year alone

I'm a heavy user of github every day and maybe 1 or 2 of these caused me any disruption whatsoever. Most of the time I think they created productivity boosts as people just focused on what they were working on instead of reacting to Github notifications about issues or PRs or failing tests or whatever.

> a rocky history of recourselessly banning users from countries that are sanctioned by the United States

This is likely a feature for companies, projects, and organizations who have (or want) to adhere to the same strict regulations.

I think the bigger picture here is the migration to Git, since that lets you keep working during an outage. SVN does not.

In fact the very fact that your source control hosting service can be surpringly[1] unreliable is the best advertisement for git you could imagine.

In fact, if github disappeared from the internet today, all but the largest projects could just set up an ssh-accessible box somewhere and continue work (code review and issue interfaces notwithstanding, of course), probably with 24 hours.

[1] I work in github-cloned repositories almost full time. And sure, I remember a handful of times over the past 4-5 years where it's been down when I wanted to push something. I had no idea it was 50x/year! And that's because "working in a github-cloned repository" doesn't, in fact, require much contact with github itself.

> I think the bigger picture here is the migration to Git

Is it tho? Why wouldn't they just install git on their server? Now there is not many mainstream successful social hosting for svn. They acknowledge the choice of github is to attract devs. So it's as much about the software as about the type of hosting and web presence.

> Why wouldn't they just install git on their server?

That's easy, and it's about 5% of the functionality which GitHub provides. Even if you're working entirely in private, the tools you'd have to build yourself to do code review, CI/CD, package management, security updates, etc. are a significant amount of work and that's before you get to things like Codespaces.

I doubt webkit would do anything beyond code review on github.

Code review itself is a big deal in terms of the complexity of the UI for managing reviews but I’d also be surprised if they didn’t use anything else. Linting and other static analysis checks, reporting CI results, etc. are quite powerful and less work than setting the equivalent infrastructure up yourself.

Ah yes, they will 100% have a working review process with some other tools, no need to migrate to github's which isn't really flexible anyway.

There are a handful of deep Git features like rebase or bisect which GitHub doesn’t expose but those aren’t things most people use frequently. Git has no equivalent for the things people do use all of the time: the issue tracking system, code review with all sorts of rules and approvals, the CI/CD system, package management for manage languages, not to mention newer features like Codespaces.

That’s a ton of features which cause people to use services like GitHub or GitLab, and it’s not like you’re giving up any of the CLI functionality to do so. My point wasn’t that these services are perfect but rather that there’s way more to it than setting up a Linux box you can push to.

I don’t disagree with anything you’re saying other than the relative scale of what each provides. Like I said, I like GitHub. I just think it adds less to git than git adds to it. And most of their features are great, but I’d sure rather a nice distributed interface to bisect than an IDE in browser or issue forums (which are useful too!).

I believe interactive rebases are my most frequently used git command :)

I commit more frequently, yes, but I will note that it works great in Codespaces if you don't want to run it locally.

hm, git is distributed and works offline https://git-scm.com/about/distributed

It "works offline" in that you can create commits, view project history, and view every branch while offline. But fetching and pushing are such a common part of an engineer's day-to-day workflow that a poorly-timed outage of your remote repo is very disruptive, especially if you use git for deployment.

This is technically true but the number of GitHub outages which have prevented you from doing that for more than a couple of minutes is pretty low. In comparisons like this, the more important question is not “is GitHub perfect?” but rather “what are you comparing it to?” — internal systems are notorious time-sinks and productivity levels from using GitHub normally are high enough that I think it'd be quite fair to conclude that you're still well ahead of where you'd be even if you have an extended coffee break once or twice a year.

You can fall back to the actual intended git development model, emailing each other patches with `git format-patch` and `git am`.

Not that code reviews of diffs over email are all that great.

Not to mention if you rely on gh actions for ci/cd. I think it makes sense for them to migrate to git and github, but I've been slowly migrating most of my code to sr.ht or self-hosted mirrors. Email patches work pretty well for smaller teams.

Git is literally an SSH sever so management is not a complex as you think.

it's disruptive the first time you have to do it without github; afterwards it should be only a few tweaks in your git repo url configs

FWIW not all of those outages were the core git/web product. A lot of those were GitHub actions or other associated functionality... but yeah it goes down disturbingly often given how much we all depend on it.

As roused as people get about browser monoculture, they should be doing the same about Git forge monoculture and centralization.

Have you ever used SVN?

It's like git, but even more connected to a centralized server.

I think GP is not talking about git in general, but about choosing a free-tier hosting by an american commercial entity, and not by the project itself or some other umbrella organization.

Are there that many active (and high value generating) developers from the sanctioned countries to be impediment?

Not being on github also has costs.

It's all about the tradeoffs.

Don't those sanctions also apply to the largest maintainers/contributors/mergers of WebKit (Apple)